04-容器虚拟化网络概述
发布时间:2020-09-05 19:07:18编辑:雪饮阅读()
Docker的网络
像是vmware支持桥接、nat、仅主机一样,我们来看看docker支持什么网络
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9e0793038f0a bridge bridge local
a2ce16500b13 host host local
850a070c90de none null local
这里可以看到docker支持桥接(bridge)、主机(host)和none三种网络。值得注意的是none:使用none网络的容器只有lo回环接口,不接入任何网络,相当于一个数据孤岛,通俗的讲就是无法上网,也无法通过网络被访问,适合不需要联网的任务。
Docker软交换机
Docker软交换机是docker0,如
[root@localhost ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:87ff:feea:14e6 prefixlen 64 scopeid 0x20<link>
ether 02:42:87:ea:14:e6 txqueuelen 0 (Ethernet)
RX packets 16 bytes 1088 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.108.128 netmask 255.255.255.0 broadcast 192.168.108.255
inet6 fe80::e96f:43c6:938b:d1a6 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:73:73:85 txqueuelen 1000 (Ethernet)
RX packets 4254 bytes 5024613 (4.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1140 bytes 123891 (120.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 68 bytes 5920 (5.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 68 bytes 5920 (5.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth82b3232: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::68cd:3bff:fe50:1924 prefixlen 64 scopeid 0x20<link>
ether 6a:cd:3b:50:19:24 txqueuelen 0 (Ethernet)
RX packets 8 bytes 656 (656.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1968 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vetha2c9016: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ceb:3cff:fea7:b008 prefixlen 64 scopeid 0x20<link>
ether 0e:eb:3c:a7:b0:08 txqueuelen 0 (Ethernet)
RX packets 8 bytes 656 (656.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
我们还可以查看docker0的网桥信息,但是需要先安装brctl命令
[root@localhost ~]# yum install bridge-utils
Loaded plugins: fastestmirror, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.cn99.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
updates/7/x86_64/primary_db | 4.5 MB 00:00:17
Resolving Dependencies
--> Running transaction check
---> Package bridge-utils.x86_64 0:1.5-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================================
Installing:
bridge-utils x86_64 1.5-9.el7 base 32 k
Transaction Summary
=========================================================================================================================================================
Install 1 Package
Total download size: 32 k
Installed size: 56 k
Is this ok [y/d/N]: y
Downloading packages:
bridge-utils-1.5-9.el7.x86_64.rpm | 32 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : bridge-utils-1.5-9.el7.x86_64 1/1
Verifying : bridge-utils-1.5-9.el7.x86_64 1/1
Installed:
bridge-utils.x86_64 0:1.5-9.el7
Complete!
然后就可以查看了。我们可以看到docker0网桥上挂着两个veth接口,一般情况下每个接口对应一个正在运行的容器(veth对的另一端在容器的网络命名空间里)。
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024287ea14e6 no veth82b3232
vetha2c9016
查看接口详情
使用ip link show可以查看各个网络接口的详情
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:73:73:85 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:87:ea:14:e6 brd ff:ff:ff:ff:ff:ff
5: veth82b3232@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 6a:cd:3b:50:19:24 brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: vetha2c9016@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 0e:eb:3c:a7:b0:08 brd ff:ff:ff:ff:ff:ff link-netnsid 1
查看端口监听
我们这里假定启动了一个容器,而且该容器的默认启动命令不是bash,而是httpd这类没有交互式控制台的程序,那么要想查看该容器内部有哪些端口在监听该怎么查呢?这里假定这个容器名为towards3,则我们可以另外开一个会话,用docker exec进入容器后执行netstat,如
[root@localhost ~]# docker exec -it towards3 /bin/sh
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
/ #
Wget
我们可以在一个容器里面开启一个httpd服务,然后在同一默认网桥(docker0)上的另外一个容器中使用wget按容器IP访问,如
/ # wget -O - -q http://172.17.0.2
this is index
/ #
这里大写的-O参数用于指定输出文件,后面跟的 - 表示标准输出,所以html内容会直接显示在终端,反正马哥这样说的。-q参数如下
-q, --quiet 安静模式 (无信息输出)。
Inspect
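之前曾经说过inspect可以看到容器的详情,其实不仅仅这样,inspect还可以看到具体某个网络的详情。比如上面我们讲过docker默认有三个网络,并且用命令列出来了,那么这里我们还可以查看其中每个网络的详情。输出里的Options值得留意:enable_icc为true表示同一网桥上的容器默认可以互相访问(上面的wget正是因此能通),host_binding_ipv4为0.0.0.0表示发布端口时默认绑定到宿主机的所有地址,不需要对外暴露的服务应在发布端口时显式指定绑定地址。如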
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "9e0793038f0a2498ec26f0be22ca9eba467fdb23fffc6ca5267f3a802615d7bf",
"Created": "2020-09-05T04:13:44.670420762-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Containers": {
"1b767a128e0b6049f40a10c05b35fa51258bc4490b6951100fe8f23c0955e44b": {
"Name": "towards3",
"EndpointID": "0594e6b8c289319a15d4b576ed3c51288c51d6e7bfcacbc46175c48770f10f39",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"54430c82f1465c481397afafc4e7f367aa4e66be3b587f27e30f7e193510d63d": {
"Name": "t3",
"EndpointID": "667f6360f0f8a8ac8a748f8bb04d0520828fdda6c2a2ffdf811f333eac9471b8",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
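那么我们再来温习下之前查看某个容器详情的方法。输出中HostConfig里的Privileged、CapAdd/CapDrop、SecurityOpt、ReadonlyRootfs以及Config里的User,反映了容器的权限配置,排查安全问题时可以顺带核对。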
[root@localhost ~]# docker container inspect towards3
[
{
"Id": "1b767a128e0b6049f40a10c05b35fa51258bc4490b6951100fe8f23c0955e44b",
"Created": "2020-09-05T08:20:56.388363992Z",
"Path": "/bin/httpd",
"Args": [
"-f",
"-h",
"/data/html"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1474,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-09-05T08:20:57.160869294Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:023aaf0a80ce889a9b50f45efcff0f9adccd6784c4dde1f7cdea00f5451f1100",
"ResolvConfPath": "/var/lib/docker/containers/1b767a128e0b6049f40a10c05b35fa51258bc4490b6951100fe8f23c0955e44b/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/1b767a128e0b6049f40a10c05b35fa51258bc4490b6951100fe8f23c0955e44b/hostname",
"HostsPath": "/var/lib/docker/containers/1b767a128e0b6049f40a10c05b35fa51258bc4490b6951100fe8f23c0955e44b/hosts",
"LogPath": "",
"Name": "/towards3",
"RestartCount": 0,
"Driver": "overlay2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": [
"c2d7e231d42184410a5dbcfe291374760e42817d95019b1ed4d3dcc32751a753"
],
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "docker-runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "overlay2",
"Data": {
"LowerDir": "/var/lib/docker/overlay2/5bd140724fe89a4b6e4283a885e67e99557084510562d439e0f72db22660a2e4-init/diff:/var/lib/docker/overlay2/dffa8ea04d68f47b94906eaafd095420060e61865bdf0ea667f0ce70de791b38/diff:/var/lib/docker/overlay2/c85fc5ddc2b05c93c6b2682475a635ef62a7d615bafe9b740e81b969d6e6167d/diff",
"MergedDir": "/var/lib/docker/overlay2/5bd140724fe89a4b6e4283a885e67e99557084510562d439e0f72db22660a2e4/merged",
"UpperDir": "/var/lib/docker/overlay2/5bd140724fe89a4b6e4283a885e67e99557084510562d439e0f72db22660a2e4/diff",
"WorkDir": "/var/lib/docker/overlay2/5bd140724fe89a4b6e4283a885e67e99557084510562d439e0f72db22660a2e4/work"
}
},
"Mounts": [],
"Config": {
"Hostname": "1b767a128e0b",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/httpd",
"-f",
"-h",
"/data/html"
],
"ArgsEscaped": true,
"Image": "towards/httpd:v0.2",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a81d3a53ed49f0206e4a7f1094e69fac39f14bc9900ee85999faa053a542e761",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/a81d3a53ed49",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "0594e6b8c289319a15d4b576ed3c51288c51d6e7bfcacbc46175c48770f10f39",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "9e0793038f0a2498ec26f0be22ca9eba467fdb23fffc6ca5267f3a802615d7bf",
"EndpointID": "0594e6b8c289319a15d4b576ed3c51288c51d6e7bfcacbc46175c48770f10f39",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
关键字词:inspect,wget,brctl,虚拟化